A Review of the Best News of the Week on AI, IoT, & Mobile Security

Taking down Gooligan: part 1 — overview (Elie Bursztein – Google, Mar 10 2018)
This series of posts recounts how, in November 2016, we hunted for and took down Gooligan, the infamous Android OAuth stealing botnet. What makes Gooligan special is its weaponization of OAuth tokens, something that was never observed in mainstream crimeware before. At its peak, Gooligan had hijacked over 1M OAuth tokens in an attempt to perform fraudulent Play store installs and reviews.

Smartphone CEO Arrested After Drugs Bust (Infosecurity Magazine, Mar 13 2018)
Phantom Secure devices are BlackBerry handsets with all hardware and software including voice, microphone, GPS, camera, internet and Messenger removed. PGP is then installed on email routed through servers in Hong Kong and Panama, countries which were chosen for their non-co-operation with the US, it is claimed.

Second company claims it can unlock iPhone X (Naked Security – Sophos, Mar 07 2018)
A tiny US company called Grayshift is reportedly quietly touting software it claims can unlock Apple’s flagship handsets, the iPhone X and 8.

Sponsored by LogRhythm
SIEM Magic Quadrant
Gartner Positions LogRhythm in SIEM Leaders Quadrant for 5th Consecutive Year. Get the report

Security Community Must Grapple with AI’s Ascent (Infosecurity Magazine, Mar 07 2018)
AI has been positioned as the technology on the verge of transforming many aspects of society.

How artificial intelligence and machine learning will impact cybersecurity (Malwarebytes Labs, Mar 09 2018)
Most of these new threats can easily be classified into existing families or familiar types of threats. In most cases, spending time looking over each new threat in detail would be a waste of time for a researcher or reverse engineer. Human classification, especially in bulk, will be error-prone due to boredom and distractions. Machines, however, do not mind going through the same routine over and over, and they do it much faster and more efficiently than people do.

Behavior monitoring combined with machine learning spoils a massive Dofoil coin mining campaign (Microsoft Secure, Mar 07 2018)
Just before noon on March 6 (PST), Windows Defender Antivirus blocked more than 80,000 instances of several sophisticated trojans that exhibited advanced cross-process injection techniques, persistence mechanisms, and evasion methods. Behavior-based signals coupled with cloud-powered machine learning models uncovered this new wave of infection attempts.

Using machine learning to detect possible insider threats (Cisco Blog, Mar 09 2018)
Using a machine-learning algorithm, Cisco researchers looked at data exfiltration trends for 150,000 users in 34 countries, all using cloud service providers during a 6-month period from January to June 2017.

A Quick History of IoT Botnets (Radware Blog, Mar 01 2018)
Currently, more things are connected to the Internet than people. According to Gartner, there are approximately 6.4 billion connected devices in use worldwide (2016), estimated to reach 20 billion by 2020.1 A staggering number that exponentially expands a hacker’s field of attack.

Experts: UK Gov’s IoT Security Guidelines Must Go Further (Infosecurity Magazine, Mar 07 2018)
The UK government has proposed new industry guidelines designed to improve the security of IoT products, although experts have argued that they don’t go far enough. The government’s Secure by Design review is intended to move the burden of securing smart gadgets away from consumers by ensuring it’s built in from the start.

What to understand about health care IoT and its security (Network World Security, Mar 06 2018)
How the Internet of Things is disrupting the health care market and how we can take steps to secure medical devices.

Smart traffic lights cause jams when fed spoofed data (Naked Security – Sophos, Mar 08 2018)
Researchers have found that attack cars sending out fake trajectory data can plug up an intersection solid.

IIC Releases IoT Endpoint Best Practice Guide (Infosecurity Magazine, Mar 12 2018)
The Industrial Internet Consortium is looking to simplify IoT security.

Gartner Survey Reveals Nearly Half of Organizations Implementing IoT Are Using or Plan to Use Digital Twin Initiatives in 2018 (Gartner, Mar 13 2018)
A digital twin is a digital representation of a physical object. It includes the model of the physical object, data from the object, a unique one-to-one correspondence to the object and the ability to monitor the object.

The Current State of Connected Cars: Can we be Secure? (The State of Security, Mar 12 2018)
The major problem is that controller area networks that connect various ECUs within the system of a car are usually connected to external networks such as 3G or 4G mobile networks. This is where an external danger may wirelessly sneak in.

Wire shares results of independent security audit of its secure messaging apps (Help Net Security, Mar 07 2018)
The company [Wire] had already previously engaged outside experts to audit its Proteus cryptographic protocol implementation, and now has revealed the results of a security and privacy audit of its iOS and Android apps, its web app, and the signalling components of the calling protocol.

Researchers Defeat Android OEMs’ Security Mitigations (Dark Reading, Mar 07 2018)
At Black Hat Asia, two security experts will bypass security improvements added to Android by equipment manufacturers.

Android P: Expected security and privacy improvements (Help Net Security, Mar 08 2018)
Google has released a developer preview of the next version of Android, currently called “Android P.”

Mobile Ad Trojans Evolve to Maximize Profits (Infosecurity Magazine, Mar 07 2018)
With root privileges, they can secretly install various applications or bombard an infected device with ads to make use of the smartphone impossible.

Researchers Devise New Attacks Against 4G LTE Mobile Networks (SecurityWeek, Mar 06 2018)
A team of researchers from Purdue University and the University of Iowa have discovered 10 new attacks against the 4G LTE protocol, which could allow adversaries snoop on messages, deny service, and even track the location of users.

Dark Caracal Points To APT Actors Moving To Mobile Targets (Threatpost, Mar 08 2018)
Lookout researchers discussed Dark Caracal’s implications for APT actors in the mobile space and why its now a juicy target.